ENISA

The European Union Agency for Network and Information Security (ENISA) is a center of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU.

ENISA's Role

ENISA plays a key role in the implementation of the Framework directive (2002/21/EC as amended by 2009/140/EC) and Article 13a in particular. ENISA is mentioned in the preambles of the Framework directive:

Preamble 44 of the Framework directive asks ENISA to contribute to enhancing the level of security of electronic communications by, among other things, "providing expertise and advice, and promoting the exchange of best practice."

Preamble 44 of the Framework directive mentions that ENISA should have the means to carry out the relevant duties and the powers "to obtain sufficient information to assess the level of security of networks and services."

Preamble 46 of the Framework directive asks ENISA to contribute to the "harmonization of security measures by providing expert advice."

ENISA is also mentioned in Article 13a of the Framework directive:

Paragraph 3 of Article 13a requires National Regulatory Authorities (NRAs), when appropriate, to inform NRAs in other Member States and ENISA about security incidents.

ENISA has played an important role in giving stakeholders an overview of the information security risks when migrating to the cloud.

ENISA's Objectives

First objective: To implement the incident reporting mandated in Article 13a, i.e. to agree with the Member States on an efficient implementation of pan-European incident reporting, including the processes of ad-hoc reporting about cross-border incidents as well as the annual summary reporting.

Second objective: To support NRAs with the task of ensuring that providers take appropriate security measures, and with supervision activities in general, including collecting incident reports nationally, following up on incidents, analyzing and mitigating common root causes, providing guidance to the providers, and so on.

In this way ENISA supports an efficient and harmonized implementation of Article 13a across the EU. Harmonized implementation of legislation is important to create a level playing field and makes it easier for providers and users to operate across different EU countries.

The 2009 ENISA cloud security risk assessment is widely referred to, both across EU member states and outside the EU. Following up on this assessment, ENISA published an assurance framework for governing the information security risks of moving to the cloud. This assurance framework is being used as the basis for some industry initiatives on cloud assurance. In 2011 ENISA published a report on security and resilience in government clouds.

To evaluate CenturyLink's compliance with ENISA's criteria, customers can refer to CenturyLink's CSA CAIQ version 3.0.1, where ENISA's requirements have been mapped against CSA's control framework.
